Posted by Virus Bulletin on Jul 30, 2015
This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.
Today, malware that affects the Windows kernel is ubiquitous - the majority of sophisticated attacks against Windows users have at least one component executing in the operating system kernel. But in 1993, the Windows kernel remained untouched by malware - and indeed Windows viruses were somewhat cumbersome and technically quite simple. That was until Cyber Riot came along.
While previous Windows viruses had operated fairly simply, Cyber Riot was the first Windows-specific virus to remain resident and to intercept the execute function by infecting KRNL386.EXE. Not only that, but Cyber Riot used several Windows functions not documented in any of the Developers' Kits. Indeed, it can be said that Cyber Riot was one of the first advanced Windows viruses.
VB's full analysis of Cyber Riot, from January 1994, can be read here in HTML-format, or downloaded here as a PDF (no registration or subscription required).
Posted on 30 July 2015 by Helen Martin
